Ballot for charter-ietf-secevent
Yes
No Objection
Note: This ballot was opened for revision 00-00 and is now closed.
Ballot question: "Is this charter ready for external review?"
Kathleen, can you suggest specific change to the charter to address your concern?
I think this charter is missing a note about other WGs or groups that it is going to coordinate with.
Shouldn't the method for delivering the event be a secure method? How about adding on a sentence after the following section: The Security Events working group will produce a standards-track Event Token specification that includes: - A JWT extension for expressing security events - A syntax that enables event-specific data to be conveyed This Event Token specification will be event transport independent. Adding: A secure transport will be specified.
I find the milestone timeline quite agressive but okay.
I have the same question Kathleen asked (so I'll watch the discussion in that thread).
I have a few things I'd like to see improved before this WG is approved. It's fine that that's done during external evaluation though. - What is an "identity related protocol"? I think it'd be way better to be as specific as possible about what's meant here. - I'm concerned that this bit is overly generic and will lead to delays. It'd be better if the set of relevant events was better characterised in the charter before we start I think. "The Security Events working group will produce a standards-track Event Token specification that includes: - A JWT extension for expressing security events - A syntax that enables event-specific data to be conveyed" - I agree with Kathleen that only secure transports make sense here and that can and should be in the charter. - I think there's some missing text on privacy - we don't want this work to end up helping e.g. advertisers track people across web sites. And we don't want exchange of event information to lead to two co-operating partners being able to build up databases of each others' employees. I'm not sure what'd be right to put in the charter though.